WiFi vulnerabilities

Earlier this week the Guardian ran a piece about an experiment setting up spoof WiFi hotspots which could be used to harvest user information. The fundamental problem is that it’s very difficult to identify for certain that a particular wireless network that a device is connected to is exactly what it claims to be.

Some of the commenters raise the question of whether this is a new vulnerability. It isn’t: what’s new is that small mobile routers are widely and cheaply available, and you could set one up in one of the cafés at St Pancras, as in the photo, without attracting any particular attention from passers by. But in other ways, this just a new twist on one of the oldest techniques of all to harvest information about computer users, that is the programme that puts up a fake login screen but actually collects a whole set of usernames and passwords.